Troy Oakes | Vision Times
China’s love for pirate software may have just been its undoing with the latest ransomware program known as “WannaCry.” China is one of the countries that was hit hardest by the ransomware program that was launched on May 12. The latest global extortion cyberattack infected over 230,000 computers in 99 countries in just one day.
Zhu Huanjie, who is studying network engineering in the city of Hangzhou, believes that there are a number of reasons why China was affected so badly, like the lack of security on school networks; however, he said piracy was also a factor.
Many users of pirated versions do not update their software to get the latest safety features. This is due to fears that their copies would be damaged or locked. Huanjie said in a statement: “Most of the schools are now all using pirate software, including operation system and professional software. In China, the Windows that most people are using is still pirated. This is just the way it is.”
China’s National Computer Network Emergency Response Center confirmed that by May 14, half of the infected IPs had been located within China. Thirty-thousand institutions have been affected by the attack, which includes universities, immigration checkpoints, and oil stations.
The ransomware exploits the “Eternal Blue” loophole, which was developed by the U.S. National Security Agency (NSA). This attacks computers that run the Microsoft Windows operating system by connecting to the Internet through port 445 (a port for document sharing protocols).
The “WannaCry” ransomware locks users out of their own computers by encrypting their files. It then demands the user to pay money in Bitcoins in exchange for de-encryption. Only operating systems that have not downloaded the security update patches issued in March 2017 are vulnerable to the attack.
Although a majority of Internet service providers in China have already blocked port 445 (to avoid any potential massive attack), there are still many public service institutions that have not blocked the port.
Universities all over the country, including Shandong University, Qinghua, Beida, and Shanghai Jiaotong, have been among the worst affected. This has left a sizable number of student theses and research projects being encrypted by “WannaCry,” where they remain encrypted by the ransomware. Media outlets have reported that: “As of May 13 at 20:00, there are 29,372 organizations with hundreds of thousands of computers infected; this includes 4341 education and research institutions… ”
Beijing has allowed the extensive use of unlicensed software despite repeated promises to crack down. China has continued to ignore warnings by industry groups that it was leaving itself open to malicious code. Estimates have 70 percent of computers in China running unlicensed software, which is the highest level among large countries.
Researchers from Symantec and Kaspersky Lab have found similarities between “WannaCry” and previous attacks that were blamed on North Korea; however, the evidence is far from conclusive.
It is widely understood that North Korea is training cyberwarriors at schools. If this is the case, should we stop underestimating North Korea and work together to respond to cyber threats from North Korea? A good start would be China pulling the plug on North Korea’s Internet.
The issue of software piracy has been less of a focus for the Chinese government since the leaks by former intelligence contractor Edward J. Snowden. The leaks detailed Americans hacking efforts aimed at monitoring China’s military buildup. This led Beijing to accelerate its push to develop Chinese-branded software and hardware that would be tougher to hack.
One thing is for sure; if those behind the ransomware attack manage to profit from the hacking, they have managed to do something that Microsoft could not! And that’s make money from Windows within China.